CVE-2020-12761
published 2020-05-09
critical 9.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | imlib2 | < imlib2 1.6.1-2 (bookworm) | imlib2 1.6.1-2 (bookworm) |
| enlightenment | imlib2 | — | — |
| enlightenment | imlib2 | >= 0 < 1.6.1-2 | 1.6.1-2 |
| enlightenment | imlib2 | >= 0 < 1.6.1-2 | 1.6.1-2 |
| enlightenment | imlib2 | >= 0 < 1.6.1-2 | 1.6.1-2 |
| enlightenment | imlib2 | >= 0 < 1.6.1-2 | 1.6.1-2 |
CVSS provenance
nvd v3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv 9.1 CRITICAL